Add Authentication and Authorization for feast serving by jmelinav · Pull Request #865 · feast-dev/feast

jmelinav · 2020-07-08T13:57:31Z

What this PR does / why we need it:
PR enables authentication and authorization for feast serving, configurations remain same as feast core's authentication and authorization configuration.
Which issue(s) this PR fixes:

Fixes #823

Does this PR introduce a user-facing change?:Yes

The following params on python sdk "Client" object has been renamed. 
params "core_enable_auth", "core_auth_provider" and "core_auth_token" 
has been renamed to "enable_auth", "auth_provider" and "auth_token" respectively. 
Now same params are used for enabling auth on both core and serving connections.

It doesn't break if auth is enabled only on core and not on serving. 
However client will pass the auth metadata to serving as well.

action required : If deployment has auth enabled, 
then python sdk "Client" object references should be updated to use new params.

feast-ci-bot · 2020-07-08T13:57:46Z

Hi @jmelinav. Thanks for your PR.

I'm waiting for a feast-dev member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

auth/src/main/java/feast/auth/service/AuthorizationService.java

jmelinav · 2020-07-09T12:44:58Z

/assign @pyalex

dr3s · 2020-07-09T16:26:27Z

/lgtm

dr3s · 2020-07-09T16:26:42Z

/ok-to-test

jmelinav · 2020-07-09T21:06:46Z

/test test-end-to-end-auth

jmelinav · 2020-07-09T22:00:12Z

/test test-end-to-end-batch

jmelinav · 2020-07-11T01:22:31Z

/test test-end-to-end-auth

jmelinav · 2020-07-27T17:33:54Z

/test test-end-to-end-batch-dataflow

serving/src/test/resources/docker-compose/docker-compose-it-core.yml

…, removed unwanted expire time validation from gauth.

serving/src/test/java/feast/serving/it/ServingServiceOauthAuthroizationIT.java

feast-ci-bot · 2020-07-28T17:49:13Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dr3s, jmelinav
To complete the pull request process, please assign pyalex
You can assign the PR to them by writing /assign @pyalex in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dr3s · 2020-07-28T17:49:30Z

/test-end-to-end

dr3s · 2020-07-28T17:50:03Z

/retest

jmelinav · 2020-07-28T19:53:22Z

/test test-end-to-end-batch-dataflow

dr3s · 2020-07-28T20:58:53Z

/lgtm

infra/docker-compose/docker-compose.online.yml

feast-ci-bot · 2020-07-29T14:02:23Z

New changes are detected. LGTM label has been removed.

feast-ci-bot · 2020-07-29T14:11:17Z

@jmelinav: The following test failed, say /retest to rerun them all:

Test name	Commit	Details	Rerun command
test-end-to-end-batch-dataflow	`aae07e5`	link	`/test test-end-to-end-batch-dataflow`

Full PR test history

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

dr3s · 2020-07-29T14:46:02Z

/test test-end-to-end-redis-cluster

* Authentication and authorization for feast serving, squashed on 07/21 * fix e2e, add metadata plugin in jobs, merge labels, auth failure test, removed unwanted expire time validation from gauth. * fix rebase adaption. * Fix core integration test. * Authentication integration test. * Add authorization test and minor refactoring. * fix failing integration test. * fix lint error.

jmelinav requested review from davidheryanto, khorshuheng, pyalex, woop and zhilingc as code owners July 8, 2020 13:57

feast-ci-bot added do-not-merge/work-in-progress needs-kind labels Jul 8, 2020

feast-ci-bot added needs-ok-to-test size/L labels Jul 8, 2020

dr3s added kind/feature New feature or request and removed needs-kind labels Jul 8, 2020

jmelinav changed the title ~~WIP:Authentication for feast serving~~ Add Authentication and Authorization for feast serving Jul 9, 2020

feast-ci-bot removed the do-not-merge/work-in-progress label Jul 9, 2020

woop reviewed Jul 9, 2020

View reviewed changes

auth/src/main/java/feast/auth/service/AuthorizationService.java Outdated Show resolved Hide resolved

feast-ci-bot assigned pyalex Jul 9, 2020

feast-ci-bot assigned dr3s Jul 9, 2020

feast-ci-bot added the lgtm label Jul 9, 2020

feast-ci-bot added ok-to-test and removed needs-ok-to-test lgtm labels Jul 9, 2020

feast-ci-bot added size/XL and removed size/L labels Jul 11, 2020

jmelinav force-pushed the feast-serving-auth branch from 2eb7b2c to 21a2f7d Compare July 11, 2020 00:46

dr3s approved these changes Jul 27, 2020

View reviewed changes

woop reviewed Jul 28, 2020

View reviewed changes

serving/src/test/resources/docker-compose/docker-compose-it-core.yml Outdated Show resolved Hide resolved

jmelinav added 6 commits July 28, 2020 12:49

Authentication and authorization for feast serving, squashed on 07/21

07aed5a

fix e2e, add metadata plugin in jobs, merge labels, auth failure test…

e8859d5

…, removed unwanted expire time validation from gauth.

fix rebase adaption.

d8ebca5

Fix core integration test.

f5fdb3f

Authentication integration test.

2461ac1

Add authorization test and minor refactoring.

59bf780

jmelinav force-pushed the feast-serving-auth branch from dd1d141 to 59bf780 Compare July 28, 2020 16:51

dr3s reviewed Jul 28, 2020

View reviewed changes

serving/src/test/java/feast/serving/it/ServingServiceOauthAuthroizationIT.java Outdated Show resolved Hide resolved

dr3s approved these changes Jul 28, 2020

View reviewed changes

fix failing integration test.

4d37a79

feast-ci-bot added the lgtm label Jul 28, 2020

woop reviewed Jul 29, 2020

View reviewed changes

infra/docker-compose/docker-compose.online.yml Show resolved Hide resolved

fix lint error.

aae07e5

feast-ci-bot removed the lgtm label Jul 29, 2020

dr3s merged commit 4ed5cda into feast-dev:master Jul 29, 2020

jmelinav deleted the feast-serving-auth branch July 29, 2020 17:21

mrzzy mentioned this pull request Aug 2, 2020

Backports for v0.6.2 #918

Merged

mrzzy mentioned this pull request Aug 16, 2020

Authentication & Authorization Support for Java and Go SDKs #950

Closed

Conversation

jmelinav commented Jul 8, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

feast-ci-bot commented Jul 8, 2020

Uh oh!

Uh oh!

jmelinav commented Jul 9, 2020

Uh oh!

dr3s commented Jul 9, 2020

Uh oh!

dr3s commented Jul 9, 2020

Uh oh!

jmelinav commented Jul 9, 2020

Uh oh!

jmelinav commented Jul 9, 2020

Uh oh!

jmelinav commented Jul 11, 2020

Uh oh!

jmelinav commented Jul 27, 2020

Uh oh!

Uh oh!

Uh oh!

feast-ci-bot commented Jul 28, 2020

Uh oh!

dr3s commented Jul 28, 2020

Uh oh!

dr3s commented Jul 28, 2020

Uh oh!

jmelinav commented Jul 28, 2020

Uh oh!

dr3s commented Jul 28, 2020

Uh oh!

Uh oh!

feast-ci-bot commented Jul 29, 2020

Uh oh!

feast-ci-bot commented Jul 29, 2020 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

dr3s commented Jul 29, 2020

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

jmelinav commented Jul 8, 2020 •

edited

Loading

feast-ci-bot commented Jul 29, 2020 •

edited

Loading